[Winpcap-bugs] Windows Vista Capture Problem

Kevin kgrom7 at gmail.com
Tue Jul 3 20:01:45 GMT 2007 

Thank you for your reply. Yes, I think you’re probably right. I can see my
own traffic when promiscuous mode is disabled and when it is enabled. I know
support is poor for wireless adapters, but I haven’t been able to find one
that works properly yet and I’ve tried three adapters. I don’t need to
capture raw packets. I’m just trying to see basic stuff like HTTP etc. For
some reason the Vista drivers for all my wireless adapters don’t support
promiscuous mode apparently, which is odd since they supported it perfectly
under Windows XP. I’ve talked to some other people who have run into the
same problem as me and they were using Atheros with the latest Vista
drivers, another card that worked properly with winpcap under XP. It’s just
strange that three different adapters that worked under XP wouldn’t work
under Vista. It kind of makes me think it must have something to do with the
architecture of Vista and how it supports drivers. But it works fine with my
regular nic, so I have no clue. I’d just love to be able to find a way to
use winpcap under Vista. I’m afraid to buy another adapter because it may do
the same thing. Any ideas? Anyone successfully used any adapter under Vista?
If so which one.

 

Thanks a lot,

 

Kevin

 

From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com] 
Sent: Tuesday, July 03, 2007 2:44 PM
To: Kevin; winpcap-bugs at winpcap.org
Subject: Re: [Winpcap-bugs] Windows Vista Capture Problem

 

The problem is probably due to the fact that most of the wireless network
card drivers fail to go into promiscuous mode. 

 

What I suspect you will see is that if you disable promiscuous mode, you
will capture your own traffic only. If you enable promiscuous mode, you
might possibly see NO traffic at all (this is a bug in WinPcap that has been
fixed recently).

 

As specified in this FAQ

 

HYPERLINK
"http://www.winpcap.org/misc/faq.htm#Q-16"http://www.winpcap.org/misc/faq.ht
m#Q-16

 

support for capture over wireless networks in quite poor, mainly due to the
limitations of the current wireless drivers (and windows itself).

 

Let me know if this answers your questions.

 

Have a nice day

GV

----- Original Message ----- 

From: HYPERLINK "mailto:kgrom7 at gmail.com"Kevin 

To: HYPERLINK "mailto:winpcap-bugs at winpcap.org"winpcap-bugs at winpcap.org 

Sent: Saturday, June 30, 2007 5:55 PM

Subject: [Winpcap-bugs] Windows Vista Capture Problem

 

Winpcap version: 4.0

 

OS: Windows Vista Home Premium x86

 

Windump ouput: see attached zip

 

Network Adapters: Broadcom 802.11g network adapter, Marvel Yukon 88E8038
PCI-E Fast Ethernet Controller

 

Special software / firewalls: none

 

Problem Description: I'm using WinpCap 4.0 with Wireshark and I'm unable to
capture packets in promiscuous mode using the Broadcom network adapter. I
can see all my own traffic perfectly fine but the network traffic does not
show up properly. All I see are ARP packets. I can't see any HTTP packets
from the other machines on my network. My broadcom card shows up as
Microsoft in wireshark but it shows the correct ip address. The Marvel Yukon
adapter works perfectly fine even in promiscuious mode. I've tried other
network cards atheros etc and all of them produce the same results. I
thought it may be a driver issue but after trying different cards and
drivers I changed my mind. I'm completly stumped. If you could look into
this I would be very greatful. 

 

Thank you for your time,

 

Kevin

   _____  

_______________________________________________
Winpcap-bugs mailing list
Winpcap-bugs at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-bugs

 

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.9.14/885 - Release Date: 7/3/2007
10:02 AM


No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.476 / Virus Database: 269.9.14/885 - Release Date: 7/3/2007
10:02 AM
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20070703/e352d3c3/attachment.htm

More information about the Winpcap-bugs mailing list